[elrepo] Announcement: EL7 New kernel-ml Release [4.15.0-1]
Phil Perry
phil at elrepo.org
Wed Jan 31 07:18:18 EST 2018
On 30/01/18 23:47, Lachlan Musicman wrote:
> On 31 Jan. 2018 10:35 am, "Sam McLeod" <mailinglists at smcleod.net
> <mailto:mailinglists at smcleod.net>> wrote:
>
> Hi Trevor,
>
> I didn't think that to compile a kernel with IBRS/IBPB your
> /compiler/ had to be updated as well?
> I thought that was a seperate issue but perhaps I'm mistaken.
>
>
> Yes, it does require a newer compiler...you can see the details of why here:
>
> https://support.google.com/faqs/answer/7625886
>
> Cheers
> L.
>
No, not to my understanding. IBRS and retpoline are 2 separate ways of
mitigating Spectre Variant 2. They are not linked or related.
The IBRS method is dependant upon kernel patches AND updated hardware
microcode.
The retpoline method is dependant upon kernel patches AND an
updated/patched compiler.
At present, the distro kernel has the IBRS patches backported to it by
Red Hat so is dependant upon the availability of updated hardware
microcode to be effective (which Intel recently pulled)
Kernel-ml has the retpoline patches but at present RHEL does not have a
retpoline-aware compiler. The upstream kernel code (kernel.org) does not
currently contain the IBRS patches that Red Hat have incorporated into
the distro kernel.
Hence at present there is no viable mitigation available for Spectre
Variant 2 for most users, regardless of whether you are running the
distro kernel or kernel-ml.
Hope that helps.
More information about the elrepo
mailing list